STIGQter: STIG Summary: Oracle Database 11g Installation STIG Version: 8 Release: 20 Benchmark Date: 28 Jul 2017:

DBA roles should be periodically monitored to detect assignment of unauthorized or excess privileges.

DISA Rule

SV-24675r1_rule

Vulnerability Number

V-15106

Group Title

DBMS DBA role privilege monitoring

Rule Version

DG0086-ORACLE11

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Design, document and implement procedures for monitoring DBA role privilege assignments.

Grant the DBA role the minimum privileges required to perform administrative functions.

Establish monitoring of DBA role privileges monthly or more often.

Check Contents

Review documented procedures and implementation evidence of DBA role privilege monitoring.

If procedures are not documented or noted in the System Security Plan or are not complete, this is a Finding.

If evidence of implementation for monitoring does not exist, this is a Finding.

If monitoring does not occur monthly (~30 days) or more often, this is a Finding.

Vulnerability Number

V-15106

Documentable

False

Rule Version

DG0086-ORACLE11

Severity Override Guidance

Review documented procedures and implementation evidence of DBA role privilege monitoring.

If procedures are not documented or noted in the System Security Plan or are not complete, this is a Finding.

If evidence of implementation for monitoring does not exist, this is a Finding.

If monitoring does not occur monthly (~30 days) or more often, this is a Finding.

Check Content Reference

I

Responsibility

Information Assurance Officer

Target Key

1368

Comments